
Concentrating on the Mundane Attacks, Blocking the Targeted Threat Too. 

Jun 23, 2011 12:17 PM

I was encouraged today to read a report that found: “most IT admins, managers, and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns … the typical business spends more time worrying about more mundane threats like spyware and fake antivirus”. At Symantec.cloud, we detect approximately 500 000 ‘mundane’ malware-containing emails per day; only about 85 of these are the high-profile targeted attacks.

Targeted attacks tend to make the news simply because they are rare and can cause so much damage. We’ve previously described that only 1 in every 35 companies gets sent a targeted Trojan (https://www-secure.symantec.com/connect/blogs/are-you-risk-targeted-attacks-lifting-lid-who-was-being-targeted-2010). However, everyone gets sent non-targeted malware. We measure that malware-containing emails account for 1 in every 222 emails received by companies. In context, that means that each user within an organisation is sent a malware-containing email roughly every 1 – 2 days; these will be almost exclusively of the 'mundane' type.

Although the damage caused by non-targeted attacks may be less, it still takes time and resources for IT staff to identify and clean infected machines. This is all the more of a problem in an SMB organisation that doesn’t have an in-house IT department. If a machine becomes infected, an external IT contractor needs to be called, which takes time and costs money. While the machine is being restored, an employee’s usual business function is disrupted, losing more time and money.

It’s far better to ensure that machines don’t get infected in the first place. Cloud-based network scanning detects and removes web- and email-based malware before it reaches a computer, no matter where the computer is located. Such services provide the same level of protection against malware whether employees are working from home, on the move, or based in the office. End point protection detects and neutralizes malware when it’s detected on a computer. It’s better to detect malware on the end point than not at all, but better still to block the malware at the network level before it hits the end point. Of course, there will always be the need to detect malware distributed on USB devices and by CDs that never travel over the network, so end point protection will always be needed. But having layers of protection on the end point and on the network minimizes the chance that malware will penetrate your defenses and cause you to have to pay to clean up the damage.

If you consider that your business has high-value information assets within it (these may be systems or data), then you need to consider that a sophisticated attacker may try to gain access. If you are not prepared, an attacker may be able to compromise those assets without you being aware until the attack is complete. The targeted attacker researches their target and crafts a specific attack against their prey. Their deployment of bespoke malware, which may only be associated with a single attack, makes it particularly difficult to protect against.

The great advantage of developing a cloud-based anti-malware solution is that, because we aggregate attack data together from so many clients, it’s possible to identify so many more of the rare, targeted attacks and to formulate improved methods of detection. If you only ever get one targeted attack a year, you’ll never see the patterns needed to detect them. The more targeted attacks you see, the better you become at protecting against them. Since April 2008 we’ve detected 66 502 targeted attacks, hence we’re in a very good position to protect our clients, small and large alike.

In conclusion, if you’re only going to worry about one type of malware, worry about the most frequent types and make sure that you have effective protection in place. But don’t neglect the threat posed by the targeted attack: if one comes your way, you may not detect it if you’re not prepared. We’ve developed our heuristic-based malware detection at Symantec.cloud to detect all types of malware. We block all of the mundane malware and we pride ourselves in blocking the targeted attacks too. We’re proud to offer what we believe is the best possible malware protection and to offer this to small and large clients without distinction.
